Cyber war has became a tool between political and military options

January 18, 2011

Stuxnet may be the most developed tool for cyber war today, it made more harm to Iran’s nuclear development program than all the sanctions and diplomatic negotiations together. Despite its effectiveness it helped to avoid traditional air strike which could cause destruction of military targets as well collateral damage in Iran and new conflicts/terrorist actions outside Iran. Stuxnet is prominent example about cyber war which may be new factor between political and military options.

Stuxnet surfaced in June and, by July, it was known that it is a highly sophisticated computer Malware (worm) – cyber attack – aimed at destroying an industrial process in the physical world. The real target was not Bushehr like earlier speculated but Iran’s centrifuge farm at Natanz, which enriches uranium and saw a major accident in early 2009.


The Stuxnet virus that has infected Iran’s nuclear installations may have been behind the decommissioning of 1,000 centrifuges at the Natanz uranium enrichment facility last year, according to a new analysis of the malicious software. The New York Times report on 16th January gives light to operation. According NYT Israel tested the Stuxnet virus in Dimona, Israel’s nuclear plant. Israel reportedly has centrifuges that are identical to those at the Iranian nuclear site in Natanz, which were used to test the Stuxnet computer worm. In 2008 German company Siemens cooperated with the Idaho National Laboratory, allowing it to identify problems in the company’s computer controllers, which are used in Iranian nuclear plants. The laboratory is part of the American Energy Department, which is responsible for nuclear weapons in the US. According to the NYT, Stuxnet was developed by the US and Israel, with help from the Germans and the British, who may not have known the part they played. The vulnerabilities identified in 2008 were used the following year by Stuxnet.

Stuxnet operates following way: First, it spun Iranian nuclear centrifuges out of control. It would also secretly record the daily routine at the nuclear plant and play back the recording of a regular day to operators at the plant. This way, it would seem that the facility was operating correctly, while the centrifuges were being destroyed. The Stuxnet virus enters computers through removable drives or through the internet. It then spreads to other computers and any drives that may be plugged into them. The virus searches for computers with Step 7, software that programs Siemens controllers. After a controller is infected, Stuxnet hides itself. After a few days, the virus speeds and slows motors in such a way that could damage them. At the same time, it sends out the false signals described above. The worm was reportedly only partially successful, delaying Iran’s progress but not destroying the nuclear sites. A Washington official told the Times that rather than allow Israel to attack Iran, the US wanted “to put time on the clock…and now, we have a bit more.” (Source: Jpost: ‘Israel tested Stuxnet virus on Dimona plant’ )

Stuxnet as part of campaign

The French weekly Le Canard enchaîné reported, quoting French intelligence sources, that US and UK intelligence services are cooperating with the Mossad to sabotage Teheran’s nuclear program in exchange for Israel agreeing not to launch a military strike on Iran. Acts of sabotage carried out in the past year in Iran were conducted by Israel with the help of the CIA and MI6, the sources said.

The sabotage included the introduction of the Stuxnet computer virus into 30,000 computers in Iran’s nuclear reactors and explosions in October in which 18 Iranian technicians were killed at a factory in the Zagros mountains that manufactured Shihab missiles. According to the sources, the assassination of five Iranian nuclear scientists were also carried out by the Mossad in cooperation with the American and British intelligence agencies. (Source:
JPost/Mossad, US, UK cooperating to sabotage Iran nukes )

Iran nuclear sites

Iran nuclear sites

Earlier in my article Saudi-Israeli cooperation for attacking Iran I described one process to prepare military option. The secret Saudi-Israeli meetings on Iran have been taking place for more than a year dealing extensively with clandestine cooperation between the two agencies and plans for attacking Iran. Arab and Western sources reported that they reached an agreement in the course of the year for Israeli fighter-bombers to transit Saudi air space on their way to bombing Iran’s nuclear facilities. The Saudis were even willing to build a new landing strip in the desert with refueling facilities for the use of the warplanes en route to their mission.

Some early steps of cyber war

Indeed cyber war is not only recent phenomenon; in 1982, a computer control system stolen from a Canadian company by Soviet spies caused a Soviet gas pipeline to explode. The code for the control system had been modified by the CIA to include a logic bomb which changed the pump speeds to cause the explosion. (A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.)

In the late 1990s, a computer specialist from Israel’s Shin Bet internal security service hacked into the mainframe of the Pi Glilot fuel depot north of Tel Aviv. It was meant to be a routine test of safeguards at the strategic site. But it also tipped off the Israelis to the potential such hi-tech infiltrations offered for real sabotage. “Once inside the Pi Glilot system, we suddenly realised that, aside from accessing secret data, we could also set off deliberate explosions, just by programming a re-route of the pipelines,” said a veteran of the Shin Bet drill. So began a cyber warfare project which, a decade on, is seen by independent experts as the likely knew vanguard of Israel’s efforts to foil the nuclear ambitions of its arch-foe Iran. (Source: Reuters)

Cyber war in Tunisia too

Hacked GOT website

A sort of warm-up to the recent cyber war came with the release by WikiLeaks of a number of US diplomatic cables on Tunisia in late November and early December. The cables gave details about “Family-Mafia” lead by Tunisian President. A Lebanese news website that published the cables, Al-Akhbar, was blocked in Tunisia, and attacked by hackers. Political campaign on the internet escalated with Operation Tunisia (an open letter to media, request of help from journalists, bloggers, hackers) in which activists targeted government sites with Distributed Denial of Service (DDoS) attacks. The hackers also got their Open Letter on the main page in the Government of Tunisia website. (see a screenshot: Open Letter from hackers) During critical days social media have been used to help get people out on the streets.


Latest developments with cyber warfare show that Israel has a formidable offensive cyber-war-fighting capability stuxnet as its best example. This scale of tool can have its role in international geopolitics between diplomacy and traditional warfare. At regional/local level social media like twitter can be a decisive factor by collecting masses to throw out existing regime. WikiLeaks from its part makes official and clandestine diplomacy more public forcing states and companies revise their practices.

A list of cyber attack threat trends (from Wikipedia)
  • Internet social engineering attacks
  • Network sniffers
  • Packet spoofing
  • Session-hijacking
  • Cyber-threats & bullying (not illegal in all jurisdictions)
  • Automated probes and scans
  • GUI intrusion tools
  • Automated widespread attacks
  • Widespread, distributed denial-of-service attacks* Special Activities Division
  • Industrial espionage
  • Executable code attacks (against browsers)
  • Analysis of vulnerabilities in compiled software without source code
  • Widespread attacks on DNS infrastructure
  • Widespread attacks using NNTP to distribute attack
  • “Stealth” and other advanced scanning techniques
  • Windows-based remote controllable trojans (Back Orifice)
  • Email propagation of malicious code
  • Wide-scale trojan distribution
  • Distributed attack tools
  • Targeting of specific users
  • Anti-forensic techniques
  • Wide-scale use of worms
  • Sophisticated botnet command and control attacks